General
-
Target
3f1101fc46386a1a429d486be5d8bae3.exe
-
Size
365KB
-
Sample
230802-kqe6kseg9z
-
MD5
3f1101fc46386a1a429d486be5d8bae3
-
SHA1
b7654e3c896f147d1849749e9fce418be7b28859
-
SHA256
dc9a1f9a6534e1fb2a7cdd410b0d94b8a55eebef7f26302f358c2f715fe3d30e
-
SHA512
b6ac741b5af7994bf84d9e5c20e4f0f800390792fbee11dda68ff0139fe9c4c32fe83ceb198393d976673de53abd6c07414014a9fa55c036716d358ebe877759
-
SSDEEP
6144:mDW5mfXMetOQbuRZCewRjdcxxyZkUHtl73LpsgrpeXbDIIPPCUMFulS+42:t5m/XOQyRZgdcxxyZb3LpfbEnlS+42
Static task
static1
Behavioral task
behavioral1
Sample
3f1101fc46386a1a429d486be5d8bae3.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
3f1101fc46386a1a429d486be5d8bae3.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.alroman.com
Port: 587
Username: [email protected]
Password: abc@24638
Email To: [email protected]
Targets
-
Target
3f1101fc46386a1a429d486be5d8bae3.exe
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-